Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Greetings all,

One of the most highly anticipated feature launches—Spam Detection in webforms—has finally arrived!

Webforms are a vital tool for record generation, but they're also vulnerable to submissions from unauthenticated or malicious sources, which can lead to the collection of spam records that clutter CRM systems and reduce data quality. 

Zoho CRM's new spam detection capability provides an additional security layer and minimizes dependencies on the basic options such as captchas and double opt-ins, ultimately improving data quality of webform submissions. Users no longer have to check potential spam records from webforms manually.

Let's dive into how Spam Detection restricts suspected spam records from webforms and helps users keep their CRM clean and organized.

What does spam detection do?

Spam detection offers the following advantages:
  1. Simplifies the manual review of potential spam in webform submissions.
  2. Detects potential spam submissions by identifying invalid or suspicious email addresses and scoring them to indicate spam probability.
  3. Holds these possible spam records for manual approval from users.
  4. Automatically blocks spam records to keep them out of the CRM account.

What happens to webform submissions?

All webform submissions are evaluated against predefined criteria and screened for spam detection. Let's say you've received several webform submissions for the Leads module from your website visitors.

Clean, non-suspicious records that originate from verified IP addresses—and are therefore deemed likely to be genuine and valid—are fed into the Leads module (unless approval has been set for all webform submissions).

In contrast, suspicious submissions are flagged as potentially spam and held back for manual approval in the usual record approval page called, Awaiting Leads (previously known as Approve Leads). These records are assigned a Spam Possibility Score based on the identified suspicious factors. 

The new Record Source column provides details related to the submission's source—for example, the submission's IP address, the webform name, and the URL—when you hover over the info icon. 

The new Spam Possibility column indicates the spam probability for each record as a percentage. You can also view the top reasons behind the scores of the spam record by hovering over the info icon beside it. 


Each reason identified contributes to the score, and the sum is calculated to determine the final Spam Possibility Score for the record. Some of the reasons are listed below:
  1. Submission from bots/crawlers: If a bot or crawler fills and makes a submission via your hosted webform, the Spam Detection layer will automatically identify this malicious submission.
  2. Submission with invalid phone numbers: If a form respondent shares an incorrect phone number, a toll-free number, or a junk contact number, it will be flagged as an invalid phone number.
  3. Submission with invalid email addresses: If the submitted email address originates from a spam source, an unauthorized domain, or a temporary mailbox, it will be flagged as an invalid email address.
We're also introducing an advanced security layer: Honeypot Field, which is a cybersecurity mechanism that identifies bots by detecting submissions made to invisible form fields that genuine users don't interact with. If the submission comes with values filled in the hidden fields, the system flags the entry as likely being a spam submission.

Spam Detection has more parameters like these to detect spam submissions and assign appropriate scores. For quick probability recognition, the following colors represent the severity of spam possibilities:
  1. Green: 1% - 20%
  2. Orange: 21% - 70% 
  3. Red: 71% - 100%

How spam detection helps handle records awaiting approval

Previously, records that awaited approval were evaluated manually and then approved, merged, resolved, or deleted accordingly. In addition to these traditional actions, and with the introduction of Spam Detection, administrators can now optionally block IP addresses of records with high spam possibility scores if they want to restrict further submissions from them.

  1. The Block IP button is available, along with the other buttons like Merge, Approve, or Resolve.

  1. Admins can also directly block an IP by using the Block IP button available when hovering over the info icon.

Record submissions from such blocked IPs will be categorized under the new Blocked record category.
Additionally, Zoho's system internally maintains a set of blacklisted IPs based on security assessments. Records submitted from those IPs will be automatically and permanently blocked by the CRM.
Notes
Note: Records under the Blocked category will be deleted in 60 days.

How to enable Spam Detection for your webforms

While setting up a webform, you'll see the Spam Detection section where you can adjust the Spam Possibility Score slider to set the threshold at which records should be flagged for manual review.

A score range of 90% to 100% will be set by default for all webforms as the tolerance level, which the webform owner can change anytime based on their preferences.

NotesNote: Records whose spam possibility scores fall within the set range will be held for approval, along with the relevant percentages and reasons. If, say, the chosen range is 80 to 100%, only those records with spam possibility percentages between 80 and 100 will be listed. Submissions with lower percentages will not be held as spam.

We've revamped the record approval page to provide a better UI experience and make it easier to manage and review spam records. Let's look at the changes in detail.

Revamped record approval page

  1. In modules like Leads, the "Approve Leads" field under Actions has been renamed to "Awaiting Leads". This change extends to other modules as well.
  2. The approval page has been redesigned to make it easier to switch between categories and review all records. This enhancement applies to all webform-supported modules and team modules.

  3. The number of records in each category displayed prevents users from overlooking records that are awaiting approval.
  4. You can also filter these records using the new filters in the left panel on the Awaiting Leads page.
    1. Filter By Source: Filters records based on the source—webform or import.
    2. Filter By Spam Possibilities: Choosing the Webform option will enable this filter to list records based on the spam possibilities.
    3. Filter By Fields: Lists records based on these fields: Created Time and Record Owner.
    4. Filter By IP - Webform: Filters blocked possible spam entries based on whether a given record is blocked manually by a user or automatically by the system. This filter is available only under the Blocked category.
That concludes everything about spam detection in webforms. Feel free to share your thoughts and suggestions in the comments.

Info
Availability 

Editions: All paid editions, including the developer edition (except for the paid trial edition)
DC: All DCs
Release Plan: This feature will be rolled out in phases. {Updated on Jan 30, 2026]

Regards,
Fiona

    • Recent Topics

    • Scheduled Tickets Need Updated

      There is a very clunky manual way to create reoccurring scheduled tickets. This should be created to be easy for the administrator to create. We create several (10 to 12) reoccurring tickets per account for biweekly and monthly auditing purposes.. The

    • Team Feeds Improvements

      Team Feeds needs to show a feed of every action within the department. Currently it seems that the feed will only show a ticket that I've personally commented on or interacted with/followed. A feed should be that, a feed. As a manager I would like to

    • Better Security, Better User Experience | Help Center Update | June'25

      As part of our commitment to enhancing user experience and security, we are happy to announce updates to our authentication mechanism. This update introduces several key enhancements designed to improve the password recovery process and streamline the

    • Upload Logo to Account Page

      It would be nice to set a logo for an Account

    • View Agent Collision on Ticket List Page

      It would be nice from the ticket listing page (views) to see what agents are working on what tickets rather than having to click into each ticket throughout the day to see what agents are working on what tickets. This functionality would also be desired

    • Restrict user from viewing the detail standard view

      Is there any way to restrict a user(it can be user-field-based) from viewing the detail standard view? Basically, I have created a canvas detailed view so that on some conditions I can hide some data from the users but the standard view client script

    • Upload Picture to Contact

      It would be nice to upload a profile picture to a contact.

    • Allowing Pictures for Client Contacts

      Do you have any plans to allow us to add pictures of our client contacts? There is a silhouette of a person there now, but no way that I can see where I can actually add a picture of the individual.

    • Agent name Alias

      I am seeing that Full name of my staffs are written on every ticket response which is not good for some reasons. It is possible to user like this: Manny P. (First Name with Last Name's First Letter) or  Manny (First Name) This is want we want to show

    • Unable to add attachments to tickets through Desk API

      I able to use the Desk API to generate tickets. However when I try to use the tickets/{ticketId}/attachments endpoint, I always get an Unauthorized error. My app has Desk.Tickets.ALL included in its scope so this should not be an issue

    • What's wrong with this COQL?

      What's wrong with this COQL? Code returns "invalid operator found". SELECT id, Name, Stage, Account, Created_Time, Tag FROM Production_Orders WHERE (Account = '4356038000072566002' AND Stage NOT LIKE '%customer%') ORDER BY Created_Time DESC LIMIT 200

    • [Feature Request] Add support for internationalized top-level domains mail hosting

      This is an important request to add support for internationalized domains mail hosting to https://www.zoho.com/mail/ In this case, that is only limited to domain name/mail address however currently it's already possible for us send mails etc using below

    • Add Enable/Disable to Field Rules and other Rules

      Hi, Sometimes I have rules setup for fields, and until I want to enable them for use, I can set the fields to Hidden but rules still show them, today you have to delete rules and then recreate them again, would be nice to have a toggle for Enabled/Disabled

    • Syncing stuck for days

      Hello when I made an account a few days ago and synced all my notes to it, it is still syncing. My app is only 400mb so I do not know why it is taking so long. Please help

    • Workflow runs on every edit despite not ticking the field repeat this workflow whenever a parent is edited.....

      Hi, It is my understanding that this workflow should only trigger once. Why is this triggering on every edit of the field? Based on another support query - directly from Zoho, If i tick the box 'repeat this workflow whenever a parent is edited' it should

    • How do you add or update tags on Zoho CRM records via n8n? (Workarounds or best practices?)

      Hi all, I’m running into some limitations with the Zoho CRM node in n8n and was wondering how others have handled this: From what I see, the standard Zoho CRM node in n8n doesn’t allow you to add or update tags when creating or updating contacts/leads.

    • API PARAMETER FOR TICKET CLOSED TIME

      Hi, Is there a parameter for filtering tickets by closed time in zoho api, i can see closed time in the API response i get, but can't get tickets by that field while calling. Regards, Anvin Alias

    • Reply to email addresses wrong.

      I have setup my Zoho mail account using my main domain and I also have an Alias setup from a different domain. In Settings - Mail - Compose I have selected to the option "For replies, send using The same email address to which the email was sent to".

    • Meeting integration with Otter.ai

      Would love for an integration with an AI transcription service like Otter.ai to be integrated with Zoho Meeting. Thanks

    • How to close/delete a free creator account?

      I have a free zoho creator account associated with my email address that is not being used.  I want to become a user of another paid zoho creator account but I can not associate with the paid account with the same email.  I assume if I can close or delete the free account I will be able to use the paid account. I have emailed support but no response. Suggestions?

    • Zoho books and zapier causes Invalid data provided

      I have been using zoho books with zapier for over 2 years now, everything was working fine. On September 13th my zaps stopped working. Now on step create sales invoice in zoho books i get an error: Failed to create a create_invoice_v2 in Zoho Books The

    • CRM report

      Is it possible to pull a contacts report that also includes the company industry, as well as the company name? I’m having trouble combining company and contact fields – any help is appreciated. Thank you, Sam

    • Enhancements to Client script?

      Hi Zoho CRM, I've been extensively using Client Scripts to enhance our Deal form experience, particularly for real time validations and auto updating fields based on specific logic. However, I've encountered a challenge regarding permission boundaries.

    • Add views to new CRM UI navigation + Unlimited Webtabs

      Zoho CRM is so close now to being the ultimate business application with the new UI, as soon as this one feature is added. This is probably where Zoho is headed but if it's not I want to BEG for this to be incorporated. What we need is to be able to put

    • E-Mail Distribution List

      How do I create an e-mail distribution list in Zoho Mail?

    • Custom "create meeting" button with more functionality than Zoho currently has?

      I'm looking for a little help/direction in how to do this. Even just some general high level pointers on how this might be able to be done. The current Zoho Meeting Activity functionality is not ideal for my org's workflow. I'd like to try and create

    • Error Code 4: Invalid value passed for JSONString

      Okay, I want to start by saying I know I'm a terrible scripter, so sorry if this is a dumb mistake. I just can't figure it out, even with LLM help. Here's my code: // --- Input Variables --- customer_id = salesorder.get("customer_id"); so_id = salesorder.get("salesorder_id");

    • Organizing contacts/members by company

      I work for a membership organization (representing businesses) and am trying to use Zoho CRM more effectively for managing the points of contact for our members. Currently, our members are listed in our CRM by the primary point of contact's name, but

    • Unable to search in Zoho Email

      I've started using Zoho Email (free version) recently and realized that it doesn't have email search functionality. Am I missing anything here? I've gone through the Zoho tutorial which does show the search bar on the right top of the Zoho UI. But in

    • Response Time Report

      From data to decisions: A deep dive into ticketing system reports Every organization that interacts with its customers should have an established timeframe for how soon an agent is expected to send the first response and any reply to any follow-up messages.

    • Zoho - Outlook plugin

      Does anyone know if there is a way to modify the autofill in the Zoho plugin in outlook? When we create a contact, it enters the correct email address and name, but then pulls information from our own signature line to add phone number, address, etc.

    • Zoho Books - Sales Person Information

      Hi Team, On Invoices, Quotes, etc... I can include the Sales Person, but it only shows their name and not their email or phone number. It would be great to have place on invoice templates where we can manage what sales person information should be shows

    • Offline working in Zoho Creator portal

      Zoho's help says that offline working is only available in the Creator mobile app and not in the portal app. But I can see offline options in the portal app too and it seems to work when I test it. My portal users are often in areas where there is poor

    • Fetch Records using Dynamic Criteria

      Hi,  I have a form that builds a filter based on user input.  I need to fetch the records based on dynamic criteria.  How would I accomplish this as there is no eval function? For example: desiredRecord = Form1[dynamicCriteria];

    • Url filter Report date (pivot chart)

      Hello. Is it possible to filter the data in pivot char using parameters in the url? I'm trying but I should not doing very well. Something like: https://creator.zoho.com/.../....../#Report:MyPivotChartReport?MyDate=01-Jan-2012;31-Jun-2012;MyDate_op=58 Saludos

    • Sending gmail to a particular person fails because the address gets changed to "gmaill", with a second "l" typo somewhere

      I send to bob@gmail.com (example) and get an error sending to bob@gmaill.com, only for this one person. Note the extra "l" in the email the system tried to send to, which was not in the address I entered. Can't find a typo in the contact or anywhere else

    • Emoji Support in Bigin CRM

      We request the implementation of emoji support across Bigin CRM. This feature should allow users to seamlessly use emojis in text fields, headlines, and deals. It would enhance communication, improve the visual appeal of records, and bring more personalization

    • Bigin Booking Pages enhancements

      I would like to ask for several enhancements for the brand new (and promising) Booking feature. 1. Add "Contact/Mobile" Field to Booking form We use Mobile as key (id), but unfortunately it is missing from the Booking form, only Home Phone is available.

    • Amount in words in Indian format

      Hi, I had coded the following code to convert amount in words. But in the code in the format of US like million. But i need in Lakh and Crore. So pls suggest ideas r post corrected code string Num2Words(int val) {     val_s = input.val.toString();     th = {"", "thousand", "million", "billion", "trillion"};     // uncomment this line for English Number System     // th = {"","thousand","million", "milliard","billion"};     dg = {"zero", "one", "two", "three", "four", "five", "six", "seven", "eight",

    • What are people using to send Service based emails?

      Zoho Campaigns is for marketing. Users can unsubscribe from these emails. Service based emails need to be delivered and can without the worry of Can-spam act. What are people using to send service based emails? My mailing list is derived from a database

    • Next Page